Privacy Policy

Effective date: 30.10.2025

This Privacy Policy explains how Hegen UK LTD ("Hegen UK", "we", "us", "our") collects and processes your personal information when you use our website and services.

1) Who we are (Controller)

Hegen UK LTD
Ealing Cross, 1st Floor, 85 Uxbridge Road, London W5 5TH, United Kingdom
Company number: 13948661
Email: [email protected]

For data protection queries, you can contact us using the details above.

2) Scope

This Policy applies to our website https://hop-sport.uk/ and related services. It does not apply to third‑party sites we link to.

3) What data we collect

We collect the following categories of personal data:

Identification & contact data: first and last name, email address, telephone number.

Addresses: billing and delivery addresses.

Account & order data: account ID, order ID, items purchased, order history, refund details.

Transaction data: payment status, amount, timestamp; we do not store full card details (handled by payment providers).

Technical data: IP address, device and browser information, language, cookie identifiers and similar technologies.

Communications & preferences: messages sent to us (e.g., via forms or email), marketing preferences, unsubscribe status.

Email analytics (marketing only): open and click information from our email service provider.

We do not knowingly collect demographic data (age, gender) or data from children under 13.

4) Purposes & lawful bases

We process your data only where we have a lawful basis under UK GDPR. Below is a summary:

| Purpose | Data categories | Lawful basis | Typical retention |
| --- | --- | --- | --- |
| Process orders, deliver products, manage returns and customer support | Identification & contact, addresses, account & order, transaction | Contract (Art. 6(1)(b)) | Orders & invoices: 6 years (tax) |
| Account management and authentication | Identification & contact, account & order | Contract (Art. 6(1)(b)) | For life of account + up to 12 months |
| Invoicing, taxation, regulatory compliance | Order, transaction, invoices | Legal obligation (Art. 6(1)(c)) | Per statutory periods |
| Site security, fraud prevention, server logs | Technical data, limited account/order references | Legitimate interests (Art. 6(1)(f)) | Logs 12–24 months |
| Customer service (queries, complaints) | Identification & contact, communications | Legitimate interests (Art. 6(1)(f)) or Contract | 3 years from closure |
| Email marketing (newsletter, offers) | Identification & contact, preferences; email analytics (open/click) | Consent or soft opt‑in under PECR; right to opt‑out anytime | Until opt‑out + suppression list retained |
| Analytics (non‑essential cookies) | Technical data, cookie IDs | Consent (PECR + Art. 6(1)(a)) | Per cookie policy |
| Personalisation/remarketing (if enabled) | Technical data, cookie IDs | Consent (PECR + Art. 6(1)(a)) | Per cookie policy |


5) Cookies & similar technologies (PECR)

We use cookies to ensure the site works (strictly necessary) and—subject to your consent—to measure performance, personalise content, and support advertising.

Consent: Non‑essential cookies are set only after you choose “Allow” in our cookie banner; you can withdraw consent anytime via the banner or at https://hop-sport.uk/cookies

Control: You can also manage cookies in your browser settings; blocking non‑essential cookies won’t affect checkout but may limit features.

Detailed list: See the Cookie Schedule below for cookie names, providers, purposes, and durations.

We do not use advanced behavioural tracking (e.g., session recordings or mouse‑movement tracking).

6) Who we share data with (recipients)

We share personal data only with trusted service providers acting under contracts that include data protection terms:

Payment processors (e.g., PayPal, Stripe, Klarna – as applicable) for secure payments and refunds.

Hosting / e‑commerce platform & IT support to operate the website and databases.

Email and CRM service providers for newsletters and service communications (including open/click analytics for campaigns).

Couriers and logistics partners to deliver your orders and manage returns.

Security / CDN services (e.g., WAF, DDoS mitigation).

Professional advisers (legal, accounting) where necessary.

We do not sell your personal data. For third‑party sites you visit (e.g., payment providers, social media, marketplaces), their own privacy policies apply.

7) International transfers

Some providers may be located outside the UK (e.g., in the EEA or the USA). Where we transfer personal data internationally, we implement appropriate safeguards, such as:

the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; and/or

where applicable, the UK‑US Data Bridge (extension of the EU‑US Data Privacy Framework).

We carry out transfer risk assessments where required. Details are available on request.

8) Security

We implement technical and organisational measures appropriate to risk, including TLS/SSL encryption, role‑based access, two‑factor authentication for admin access, firewall/WAF/CDN, regular patching, and encrypted backups. While no system is 100% secure, we take steps to protect your data against unauthorised access and loss.

9) How long we keep your data

We retain data only as long as necessary for the purposes above or as required by law. See the retention column in the table above. Where deletion is not immediately possible (e.g., backups), data is securely isolated and then erased per our retention schedule.

10) Your rights

Under UK GDPR you have the right of access, rectification, erasure, restriction and portability, and the right to object to processing based on legitimate interests or to direct marketing at any time. Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise your rights, contact us at [email protected]. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/

11) Email communications & unsubscribe

Transactional emails (order confirmations, delivery updates, service notices) are necessary to fulfil our contract and will continue regardless of marketing preferences. Marketing emails are sent only with your consent or under soft opt‑in rules for existing customers. You can unsubscribe at any time via the link in every marketing email or by contacting us. We may receive aggregated information on opens and clicks to improve our communications.

Newsletter Sign-Up (Consent and Soft Opt-In)

We send marketing emails (including newsletters and special offers) only with your consent or under the soft opt‑in for existing customers about similar products. We use double opt‑in to confirm your subscription and keep records of consent (time, IP, preferences). You can unsubscribe at any time via the link in each email or by contacting us. Unsubscribing does not affect transactional emails (e.g., order confirmations). We may receive aggregated analytics on opens and clicks to improve our communications.

12) Children’s privacy

Our website is not directed to children under 13, and we do not knowingly collect their personal data. If you believe a child has provided personal data, please contact us to request deletion.

13) Links to other websites

Our site may include links to external websites (e.g., payment providers, social media, marketplaces). Their privacy practices are governed by their own policies; we are not responsible for them.

14) Changes to this Policy

We may update this Policy from time to time. We will post the latest version on this page with the effective date above.